  • rdpsnitch@infosec.exchange
    2026-04-02 RDP #Honeypot IOCs - 768 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 106.51.23.167 - 417; 143.198.111.35 - 147; 122.165.249.151 - 48
    Top ASNs: AS24309 - 417; AS14061 - 165; AS24560 - 48
    Top Accounts: hello - 633; Administr - 27; 142.93.8.59 - 27
    Top ISPs: Atria Convergence Technologies Pvt. Ltd. - 417; DigitalOcean, LLC - 165; BHARTI - 48
    Top Clients: Unknown - 768
    Top Software: Unknown - 768
    Top Keyboards: Unknown - 768
    Top IP Classification: Unknown - 549; hosting & proxy - 147; hosting - 72
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • crowdsec@infosec.exchange
    You asked for more than the standard Premium CTI quota for your SOC/HomeLab/SIEM. We listened.
    CrowdSec CTI has always been powered by the community. As your use cases grew, so did your need for data.
    Today, we’re rolling out Self-Service CTI API Key options. Whether you’re:
    • A cybersecurity pro scaling research
    • An SMB/SecOps team integrating into your SIEM/SOAR (like our Microsoft Sentinel Playbook)
    • An Enterprise power-user running heavy investigations
    You can now scale your quota to match your real usage. No friction, just more of the world’s best crowdsourced IP reputation data.
    Check out how to scale your CTI access: https://app.crowdsec.net/pricing
    #cybersecurity #threatintel #SOC #infosec
  • rdpsnitch@infosec.exchange
    2026-03-30 RDP #Honeypot IOCs - 227 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 143.198.111.35 - 165; 80.66.83.74 - 9; 80.94.95.221 - 7
    Top ASNs: AS14061 - 165; AS396982 - 15; AS204428 - 15
    Top Accounts: hello - 170; Administr - 18; Domain - 15
    Top ISPs: DigitalOcean, LLC - 165; Google LLC - 15; SS-Net - 15
    Top Clients: Unknown - 227
    Top Software: Unknown - 227
    Top Keyboards: Unknown - 227
    Top IP Classification: hosting & proxy - 165; Unknown - 39; hosting - 17
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • Signal > noise

    Uncategorized infosec threatintel soc
    technadu@infosec.exchange
    Signal > noise.
    GreyNoise: 242K new IPs, 99.7% no TCP handshake.
    Real activity?
    UCLOUD +472%, multi-protocol scans.
    Are you validating sources?
    Source: https://www.greynoise.io/blog/ghost-fleet-half-new-scanning-ips-geolocated-to-hong-kong
    Comment + follow TechNadu
    #Infosec #ThreatIntel #SOC
  • rdpsnitch@infosec.exchange
    2026-03-19 RDP #Honeypot IOCs - 264 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 103.9.207.80 - 114; 80.94.95.221 - 36; 88.214.25.121 - 12
    Top ASNs: AS135905 - 114; AS204428 - 36; AS396982 - 27
    Top Accounts: hello - 120; 142.93.8.59 - 48; Administr - 36
    Top ISPs: SUNSOFT - 114; SS-Net - 36; Google LLC - 27
    Top Clients: Unknown - 264
    Top Software: Unknown - 264
    Top Keyboards: Unknown - 264
    Top IP Classification: Unknown - 198; hosting - 63; hosting & proxy - 3
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • rdpsnitch@infosec.exchange
    2026-03-19 RDP #Honeypot IOCs - 176 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 103.9.207.80 - 76; 80.94.95.221 - 24; 88.214.25.121 - 8
    Top ASNs: AS135905 - 76; AS204428 - 24; AS396982 - 18
    Top Accounts: hello - 80; 142.93.8.59 - 32; Administr - 24
    Top ISPs: SUNSOFT - 76; SS-Net - 24; Google LLC - 18
    Top Clients: Unknown - 176
    Top Software: Unknown - 176
    Top Keyboards: Unknown - 176
    Top IP Classification: Unknown - 132; hosting - 42; hosting & proxy - 2
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • rdpsnitch@infosec.exchange
    2026-03-19 RDP #Honeypot IOCs - 88 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 103.9.207.80 - 38; 80.94.95.221 - 12; 88.214.25.121 - 4
    Top ASNs: AS135905 - 38; AS204428 - 12; AS396982 - 9
    Top Accounts: hello - 40; 142.93.8.59 - 16; Administr - 12
    Top ISPs: SUNSOFT - 38; SS-Net - 12; Google LLC - 9
    Top Clients: Unknown - 88
    Top Software: Unknown - 88
    Top Keyboards: Unknown - 88
    Top IP Classification: Unknown - 66; hosting - 21; hosting & proxy - 1
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • rdpsnitch@infosec.exchange
    2026-03-10 RDP #Honeypot IOCs - 198 scans
    Thread with top 3 features in each category and links to the full dataset
    #DFIR #InfoSec
    Top IPs: 39.96.172.69 - 60; 170.64.228.22 - 30; 80.94.95.221 - 21
    Top ASNs: AS37963 - 60; AS396982 - 36; AS14061 - 30
    Top Accounts: hello - 114; Administr - 24; Test - 15
    Top ISPs: Hangzhou Alibaba Advertising Co - 60; Google LLC - 36; DigitalOcean, LLC - 30
    Top Clients: Unknown - 198
    Top Software: Unknown - 198
    Top Keyboards: Unknown - 198
    Top IP Classification: hosting - 153; Unknown - 45
    Pastebin links with full 24-hr RDP Honeypot IOC Lists:
    Bad API request, invalid api_dev_key
    #CyberSec #SOC #Blueteam #SecOps #Security
  • Investigation Scenario 🔎

    Uncategorized investigationpa dfir soc
    chrissanders88@infosec.exchange
    I post these scenarios every Tuesday! We're up to 135 of them so far! If you enjoy them, you'll probably like my Investigation Theory class where I work with folks directly on improving their investigative skills leveraging principles from cognitive science: https://www.networkdefense.co/courses/